Application Logics
Authorization Models
Once a user or other system has been identified (through the user interface or an API), an application needs a model that decides which operations that principal may perform and which data it may see. Two widely used models are the Role-Based Access Model and the Attribute-Based Access Model.
After identifying users or other systems, you must define the actions they may perform on particular resources.
For example, the operations available to a User and to an Administrator differ, as do the operations available to people in other positions.
There are currently two common sorts of authorization model. The first is:
Role-Based Access Models
In the role-based access model, authorizations are attached to roles rather than to individual subjects; a subject obtains permissions by holding a role.
The structure of this model consists of:
- Organization: a structure that holds more than one Role and defines the Role hierarchy.
- Role: concepts defined at the organization level according to job function, such as administrator, user or customer, on which authorizations are defined.
- Subject: the person using the system, or another system acting against it.
- Resource: the things being protected.
- Operation: the operations that can be performed on a resource, such as Read or Write.
- Permission: our definition of which operations are authorized on which resource(s).
- Session: the binding of a Subject to its active Roles, and through them to its Permissions on the Resources.
Attribute-Based Access Models (Policy-Based)
In the example above, authorization is set up through Roles. The Attribute-Based model instead recommends that you define and use attribute (policy-based, property-driven) authorizations, which gives more detailed and flexible control.
Attributes
Although attributes can belong to anything or anyone, they can be grouped into 4 categories:
1. Subject attributes: attributes of the person or other system making the request, such as role, job, place of residence, age or system speed.
2. Action attributes: attributes that describe the action being attempted, such as read, write, see, change or bind.
3. Resource (object) attributes: attributes of the resource or object being accessed, such as bank card number, CCV number, code or date.
4. Contextual (environment) attributes: attributes that describe the time, location or other dynamic aspects of the access.
As you can see, policy-based structures (policies) built on attributes allow us to authorize in a very flexible way.
They let us define policies in great detail, answering questions such as:
- Do we prohibit or allow?
- Which Resource are we going to operate on?
- What is the action on this resource?
As above, once we define many policies over attributes and assign them to roles, the effective permissions of a role can change dynamically according to the attributes.
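As an added illustration of the contrast described above (not code from the original article), here is a small Python comparison of a static role table against an attribute-based, deny-overrides policy evaluator. The attribute names (id, role, op, type, owner, hour), the role table and the policies are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, Iterable, List, Set, Tuple

Attrs = Dict[str, Any]

# --- RBAC: permissions are attached to roles, not to subjects ---------------
# Constructed role table: (resource type, operation) pairs held by each role.
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "admin": {("card", "read"), ("card", "write")},
    "user": {("card", "read")},
}

def rbac_allowed(roles: Iterable[str], resource_type: str, operation: str) -> bool:
    """A subject may act if any of its roles holds the (resource, operation) permission.
    Note that ownership or time of day cannot be expressed here: a 'user' may read
    every card, not only its own."""
    return any((resource_type, operation) in ROLE_PERMISSIONS.get(r, set()) for r in roles)

# --- ABAC: policies are predicates over subject/action/resource/context attributes
@dataclass(frozen=True)
class Policy:
    name: str
    effect: str  # "allow" or "deny"
    condition: Callable[[Attrs, Attrs, Attrs, Attrs], bool]

def abac_allowed(subject: Attrs, action: Attrs, resource: Attrs, context: Attrs,
                 policies: List[Policy]) -> bool:
    """Deny-overrides combining: a matching deny wins outright; otherwise any
    matching allow grants access; with no match at all the default is deny."""
    granted = False
    for p in policies:
        if p.condition(subject, action, resource, context):
            if p.effect == "deny":
                return False
            granted = True
    return granted

# Constructed policies for a card-management service (assumed attribute names).
POLICIES = [
    Policy("owner-reads-own-card", "allow",
           lambda s, a, r, c: s["role"] == "user" and a["op"] == "read"
           and r["type"] == "card" and r["owner"] == s["id"]),
    Policy("admin-manages-cards", "allow",
           lambda s, a, r, c: s["role"] == "admin" and r["type"] == "card"),
    Policy("no-writes-outside-business-hours", "deny",
           lambda s, a, r, c: a["op"] == "write" and not 8 <= c["hour"] < 18),
]

def decide(subject: Attrs, op: str, resource: Attrs, hour: int) -> bool:
    """Evaluate one request against the constructed policy set."""
    return abac_allowed(subject, {"op": op}, resource, {"hour": hour}, POLICIES)
```

The same "user" role that the RBAC table grants blanket read access is narrowed by the ABAC policy to the cards it owns, and even an admin's writes are refused outside business hours because the deny policy overrides the allow.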